Two critical vulnerabilities in Cursor IDE enable remote code execution via prompt injection

According to CSO Online, researchers discovered two critical vulnerabilities in Cursor IDE (CVE-2026-50548, CVE-2026-50549) that allow attackers to break out of command execution sandboxes through prompt injection, achieving remote code execution. The findings highlight prompt injection as a viable attack vector for IDE-based coding assistants.

Topics

AI securityCursor

Sources

Go deeper

This intelligence is sourced automatically from public sources across the web and synthesised by the Prefactor AI pipeline. Stories are reviewed before publication.